Age | Commit message | Author |
|
|
|
Co-authored-by: Mohammed Al Sahaf <[email protected]>
|
|
|
|
The context may have no replacer
|
|
|
|
|
|
Co-authored-by: Kanashimia <[email protected]>
|
|
* Runtime placeholders for caddytls matchers (1/3):
- remove IPs validation in UnmarshalCaddyfile
* Runtime placeholders for caddytls matchers (2/3):
- add placeholder replacement for IPs in Provision
* Runtime placeholders for caddytls matchers (3/3):
- add placeholder replacement for other strings
* Runtime placeholders for caddyhttp matchers (1/1):
- add placeholder replacement for IPs in Provision
* Runtime placeholders for caddyhttp/caddytls matchers:
- move PrivateRangesCIDR under internal
|
|
|
|
* fileserver: add `sort` options
* fix: test
* fileserver: check options in `Provision`
* fileserver: more obvious err alerts in sort options
|
|
(#6485)
* proxyprotocol: Update WrapListener to use ConnPolicyFunc for PROXY protocol support
* proxyprotocol: Updated dependency pires/go-proxyproto to pseudo latest version
|
|
|
|
Signed-off-by: Mohammed Al Sahaf <[email protected]>
|
|
* Caddyfile support for TLS custom certificate selection policy
* Caddyfile support for TLS connection policy
|
|
* Caddyfile support for TLS handshake matchers:
- caddytls.MatchLocalIP
- caddytls.MatchRemoteIP
- caddytls.MatchServerName
* Caddyfile support for TLS handshake matchers:
- fix imports order
Co-authored-by: Francis Lavoie <[email protected]>
---------
Co-authored-by: Francis Lavoie <[email protected]>
|
|
|
|
|
|
* Add health_upstream
Signed-off-by: Dylan Schultz <[email protected]>
* Add health_upstream to caddyfile parsing
* Add Active Upstream case for health checks
* Update ignore health port comment
Signed-off-by: Dylan Schultz <[email protected]>
* Update Upstream json doc
Signed-off-by: Dylan Schultz <[email protected]>
* Update modules/caddyhttp/reverseproxy/healthchecks.go
Co-authored-by: Francis Lavoie <[email protected]>
* Use error rather than log for health_port override
Signed-off-by: Dylan Schultz <[email protected]>
* Add comment about port being ignored if using upstream
Signed-off-by: Dylan Schultz <[email protected]>
---------
Signed-off-by: Dylan Schultz <[email protected]>
Co-authored-by: Francis Lavoie <[email protected]>
|
|
* Add Caddyfile support of setting active health check request method
* Add integration test for active health check request method
|
|
* Add option to set which HTTP method to use for active health checks
* Default Method to GET if not set
|
|
(#6450)
Co-authored-by: Francis Lavoie <[email protected]>
|
|
|
|
* fileserver: Exclude symlink target size from total, show arrow on size
* Keep both totals
* Linter doesn't like my spelling :(
* Stop parallelizing tests for now
* Update modules/caddyhttp/fileserver/browse.html
* Minor renamings
---------
Co-authored-by: Matthew Holt <[email protected]>
|
|
* Remove 'strict-dynamic' + block-all-mixed-content
* CSP: remove 'unsafe-inline' from script-src
|
|
* browse: add Content-Security-Policy w/ nonce
* Add backward-compat values to script-src
* Remove dummy "#" href from layout anchors
|
|
|
|
when proxying (#6427)
* caddyhttp: Reject 0-RTT early data in IP matchers and set Early-Data header when proxying
See RFC 8470: https://httpwg.org/specs/rfc8470.html
Thanks to Michael Wedl (@MWedl) at the University of Applied Sciences St. Poelten for reporting this.
* Don't return value for {remote} placeholder in early data
* Add Caddyfile support
|
|
* fix: don't compress already compressed fonts
* fix: remove WOFF
|
|
|
|
|
|
|
|
* Removed newline characters from precomputed etags
* Update modules/caddyhttp/fileserver/staticfiles.go
---------
Co-authored-by: Matt Holt <[email protected]>
|
|
|
|
* reverseproxy: add Max-Age option to sticky cookie
* Update selectionpolicies.go
Co-authored-by: Francis Lavoie <[email protected]>
* Update selectionpolicies.go
Co-authored-by: Francis Lavoie <[email protected]>
---------
Co-authored-by: Francis Lavoie <[email protected]>
|
|
* a
* a
* a
* a
* a
* a
|
|
101d3e7 introduced a configuration option to set the log file mode.
This option was not taken into account if the file already exists,
making users have to delete their logs to have new logs created
with the right mode.
|
|
|
|
The latest tscert allows callers to provide a custom http.Transport for
calling Tailscale's local API.
Updates tailscale/caddy-tailscale#66
|
|
Commit 101d3e7 introduced file mode setting,
but was missing a JSON Marshaller so that
CaddyFile can be converted to JSON safely.
|
|
|
|
* Split `run` into a public `BuildContext` and a private part
`BuildContext` can be used to set up a caddy context from a config, but not start any listeners
or active components: The returned context has the configured apps provisioned, but otherwise is
inert.
This is EXPERIMENTAL: Minimally it's missing documentation and the example for how this can be
used to run unit tests.
* Use the config from the context
The config passed into `BuildContext` can be nil, in which case `BuildContext` will just make one
up that works. In either case that will end up in the finished context.
* Rename `BuildContext` to `ProvisionContext` to better match the function
* Hide the `replaceAdminServer` parts
The admin server is a global thing, and in the envisioned use case for `ProvisionContext`
shouldn't actually exist. Hide this detail in a private `provisionContext` instead, and
only expose it publicly with `replaceAdminServer` set to `false`.
This should reduce foot-shooting potential further; in addition the documentation comment
now clearly spells out that the exact interface and implementation details of `ProvisionContext`
are experimental and subject to change.
|
|
Adding a "mode" option to overwrite the default logfile permissions.
Default remains "0600" which is the one currently used by lumberjack.
|
|
|
|
Signed-off-by: Mohammed Al Sahaf <[email protected]>
|
|
* cmd: remove zealous check of Caddyfile auto-detection
* add test case
* remove redundant check, add comment
* one more case
|
|
* caddyhttp: Add test case to corpus
* One more test case
* Clean up stray comment
* More tests
|
|
certmagic (#6368)
See discussion about this setting in https://github.com/caddyserver/certmagic/issues/201
|
|
* cmd: fix regression in auto-detect of Caddyfile
Signed-off-by: Mohammed Al Sahaf <[email protected]>
* fix typo
Co-authored-by: Git'Fellow <[email protected]>
* add tests
* address review comments
---------
Signed-off-by: Mohammed Al Sahaf <[email protected]>
Co-authored-by: Git'Fellow <[email protected]>
|
|
* cmd: fix auto-detection of .caddyfile extension
Signed-off-by: Mohammed Al Sahaf <[email protected]>
* move conditions around and add clarifying comment
Signed-off-by: Mohammed Al Sahaf <[email protected]>
* reject ambiguous config file name
Signed-off-by: Mohammed Al Sahaf <[email protected]>
---------
Signed-off-by: Mohammed Al Sahaf <[email protected]>
|
|
SanitizePathJoin protects against directory traversal attacks by
checking for requests whose URL paths look like they are trying to
request something other than a local file, and returns the root
directory in those cases.
The method is also careful to ensure that requests which contain a
trailing slash include a trailing slash in the returned value. However,
for requests that contain only a slash (requests for the root path), the
IsLocal check returns early before the matching trailing slash is
re-added.
This change updates SanitizePathJoin to only perform the
filepath.IsLocal check if the cleaned request URL path is non-empty.
---
This change also updates the existing SanitizePathJoin tests to use
filepath.FromSlash rather than filepath.Join. This makes the expected
value a little easier to read, but also has the advantage of not being
processed by filepath.Clean like filepath.Join is. This means that the
exact expected value will be compared, not the result of first cleaning
it.
Fixes #6352
|